Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
mediawiki mediawiki 1.19 vulnerabilities and exploits
(subscribe to this query)
828
VMScore
CVE-2012-4381
MediaWiki prior to 1.18.5, and 1.19.x prior to 1.19.2 saves passwords in the local database, (1) which could make it easier for context-dependent malicious users to obtain cleartext passwords via a brute-force attack or, (2) when an authentication plugin returns a false in the st...
Mediawiki Mediawiki
668
VMScore
CVE-2014-9487
The getid3 library in MediaWiki prior to 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote malicious users to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External Entity (XXE) attack. NOTE: Related to CVE-2014-2053.
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.10
Mediawiki Mediawiki 1.19.12
Mediawiki Mediawiki 1.19.17
Mediawiki Mediawiki 1.19.19
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.19.21
Mediawiki Mediawiki 1.19.22
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.13
Mediawiki Mediawiki 1.19.14
Mediawiki Mediawiki 1.19.15
Mediawiki Mediawiki 1.19.16
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.9
Mediawiki Mediawiki 1.19.11
668
VMScore
CVE-2013-6453
MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 does not properly sanitize SVG files, which allows remote malicious users to have unspecified impact via invalid XML.
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.21.2
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21.3
Mediawiki Mediawiki 1.21
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki
668
VMScore
CVE-2013-4571
Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 has unspecified impact and remote vectors.
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.21.3
Mediawiki Mediawiki 1.21
Mediawiki Mediawiki 1.21.2
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.6
668
VMScore
CVE-2013-4304
The CentralAuth extension for MediaWiki 1.19.x prior to 1.19.8, 1.20.x prior to 1.20.7, and 1.21.x prior to 1.21.2 caches a valid CentralAuthUser object in the centralauth_User cookie even when a user has not successfully logged in, which allows remote malicious users to bypass a...
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21
Brion Vibber Centralauth Extension -
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.20.2
Mediawiki Mediawiki 1.20.1
Mediawiki Mediawiki 1.20
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.20.4
Mediawiki Mediawiki 1.20.3
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.20.6
Mediawiki Mediawiki 1.20.5
610
VMScore
CVE-2014-1610
MediaWiki 1.22.x prior to 1.22.2, 1.21.x prior to 1.21.5, and 1.19.x prior to 1.19.11, when DjVu or PDF file upload support is enabled, allows remote malicious users to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) t...
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.21.4
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21.2
Mediawiki Mediawiki 1.21.3
Mediawiki Mediawiki 1.19.10
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.22.1
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki 1.19.9
Mediawiki Mediawiki 1.22.0
2 EDB exploits
605
VMScore
CVE-2014-5241
The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki prior to 1.19.18, 1.20.x up to and including 1.22.x prior to 1.22.9, and 1.23.x prior to 1.23.2 accepts certain long callback values and does not restrict the initial bytes of a JSONP response, which allows remote ...
Mediawiki Mediawiki 1.19.10
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21.7
Mediawiki Mediawiki 1.21.8
Mediawiki Mediawiki 1.20.4
Mediawiki Mediawiki 1.20.5
Mediawiki Mediawiki
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.9
Mediawiki Mediawiki 1.22.7
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.22.8
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.21.5
Mediawiki Mediawiki 1.21.6
Mediawiki Mediawiki 1.20.2
Mediawiki Mediawiki 1.20.3
Mediawiki Mediawiki 1.19.15
Mediawiki Mediawiki 1.19.16
Mediawiki Mediawiki 1.19.7
605
VMScore
CVE-2012-5391
Session fixation vulnerability in Special:UserLogin in MediaWiki prior to 1.18.6, 1.19.x prior to 1.19.3, and 1.20.x prior to 1.20.1 allows remote malicious users to hijack web sessions via the session_id.
Mediawiki Mediawiki 1.18.1
Mediawiki Mediawiki 1.18.2
Mediawiki Mediawiki 1.18.3
Mediawiki Mediawiki 1.18
Mediawiki Mediawiki 1.18.0
Mediawiki Mediawiki
Mediawiki Mediawiki 1.18.4
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.20
605
VMScore
CVE-2012-5395
Session fixation vulnerability in the CentralAuth extension for MediaWiki prior to 1.18.6, 1.19.x prior to 1.19.3, and 1.20.x prior to 1.20.1 allows remote malicious users to hijack web sessions via the centralauth_Session cookie.
Mediawiki Mediawiki 1.20
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.18.0
Mediawiki Mediawiki 1.18.1
Mediawiki Mediawiki 1.18.2
Mediawiki Mediawiki
Mediawiki Mediawiki 1.18
Mediawiki Mediawiki 1.18.4
Mediawiki Mediawiki 1.18.3
605
VMScore
CVE-2014-3454
Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 allows remote malicious users to hijack the authentication of users for requests that create c...
Mediawiki Mediawiki 1.22.0
Mediawiki Mediawiki 1.21
Mediawiki Mediawiki 1.21.1
Mediawiki Mediawiki 1.21.2
Mediawiki Mediawiki 1.21.3
Mediawiki Mediawiki 1.19
Mediawiki Mediawiki 1.19.0
Mediawiki Mediawiki 1.19.5
Mediawiki Mediawiki 1.19.6
Mediawiki Mediawiki 1.19.8
Mediawiki Mediawiki 1.19.1
Mediawiki Mediawiki 1.19.2
Mediawiki Mediawiki 1.19.3
Mediawiki Mediawiki 1.19.4
Mediawiki Mediawiki 1.19.7
Mediawiki Mediawiki
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3380
CVE-2024-1694
local file inclusion
CVE-2024-5645
CVE-2024-24919
XSS
CVE-2024-36774
CVE-2024-21306
SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »